Tech

What Are Passkeys? A Guide to Password's Secure Successor

AI created, human edited. 

What Are Passkeys? A Simple Guide to Password's Secure Successor

In a recent episode of Hands-On Tech, host Mikah Sargent tackled a question that's on many people's minds: What exactly are passkeys, and how do they work? As more websites and services adopt this new technology, understanding passkeys has become increasingly important for everyone who uses the internet – which is palmostall of us.

Breaking Down Passkeys: The Basics

Despite their name, passkeys aren't physical keys you can put on a keyring. Instead, digital credentials are stored securely on your device, typically your phone or computer. Think of them as a sophisticated digital handshake between your device and the websites you visit.

How Do Passkeys Work?

Mikah explains the process using a clever analogy: Imagine you're visiting a speakeasy during prohibition. When you first arrive, you prove who you are, and are given a special phrase. But here's the twist – this phrase has two parts:

  1. A private part that stays with you (stored on your device)
  2. A public part that the speakeasy keeps (stored on the website)

When you return to the website, it presents your device with a kind of digital riddle that only your private key can solve. If your device can solve the puzzle (using your private key), you're granted access.

Setting Up Passkeys

The setup process is straightforward:

  1. Visit a website that supports passkeys
  2. Choose to set up a passkey
  3. Your device generates the necessary credentials
  4. The public portion is shared with the website
  5. The private portion stays secured on your device

Why Passkeys Are More Secure

In what Mikah calls a "rare case" in security technology, passkeys are both more convenient and secure than traditional passwords. Here's why:

  • No More Password Reuse: Unlike traditional passwords, which people often reuse across sites, each passkey is unique to its website.
  • Split Security: Even if a website is breached, hackers only get the public portion of the passkey – useless without the private key stored on your device.
  • Phishing Resistant: It's much harder to trick someone into giving away a passkey compared to a password.
  • Better Than Two-Factor: In many cases, passkeys provides more robust security than even passwords combined with two-factor authentication.

Using Passkeys Day-to-Day

Using passkeys is surprisingly simple. When logging into a supported site:

  1. Click the login with passkey option
  2. Verify your identity (using your face, fingerprint, or PIN)
  3. Your device handles the rest automatically

The Future of Login Security

As more services adopt passkeys, we're seeing a shift away from the traditional username/password combination that has dominated internet security for decades. This transition promises to make our online lives both more secure and more convenient – a rare win-win in the world of cybersecurity.

For those interested in trying out passkeys, many major services like Amazon, Google, and Microsoft now support them. Password managers like 1Password are also adding passkey support, making the transition even smoother.

Remember: while your fingerprint or face scan might seem like your passkey, they're actually just proving to your device that you're you – allowing it to use the actual passkey stored securely on your device.

Subscribe and never miss an episode! TWiT.tv/subscribe

All Tech posts